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REMARKS 

Please reconsider the application in view of the above amendments and the following 
remarks. Applicant thanks the Examiner for carefully considering this application. 

Disposition of Claims 

Claims 1, 3-4, 7-10, 13, 15-16, 19, 21-22, 25, 27, 28, 31, 33-34, 36, 37, and 39 are 
pending in this application. Claims 1,7, 13, 19, 25, 31, 34, and 37 are independent. The remaining 
claims depend, directly or indirectly, from claims 1,7, 13, 19, 25, 31, 34, and 37. 

Claim Amendments 

By way of this submission, claims 1, 7, 13, 19, 25, 31, 34, and 37 are amended to 
address formality issues and clarify the invention. Applicant respectfully asserts no new matter has 
been introduced by way of these amendments, as support for these amendments may be found, for 
example, in the originally filed claims and in paragraphs [0007]-[0015] and [0039]-[0043] of the 
specification. 

Claim Objections 

Claims 1, 7, 13, 19, 25, 31, 34, and 37 are objected to because of formality issues in 
the form of grammatical errors. Claims 1, 7, 13, 19, 25, 31, 34, and 37 have been amended to 
address the issues raised by the Examiner. Therefore, the Applicant respectfully requests that the 
Examiner's objection be withdrawn in view of the amended claims. 

Rejections under 35 U.S.C. § 112 
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Claims 1, 7, 19, 25, 31, 34, and 37 stand rejected under 35 U.S.C. § 112 as failing to 
comply with the written description requirement. The Examiner is correct in stating that the 
"temporary user name" is used to obtain "the file," as in a file storing "information resources," i.e., 
data. Support for this statement may be found, for example, in paragraphs [0039]-[0043] of the 
specification. Claims 1, 7, 19, 25, 31, 34, and 37 are amended to reflect that the temporary user 
name is used to obtain a file and not a file dump. Accordingly, the Applicant respectfully requests 
that the rejection under 35 U.S.C. § 1 12 be withdrawn. 

Rejections under 35 U.S.C. § 103 

For unpatentability under 35 U.S.C. § 103(a), a prima facie case of obviousness must 
be established. MPEP § 2143 states that "[t]he key to supporting any rejection under 35 U.S.C. 103 
is the clear articulation of the reason(s) why the claimed invention would have been obvious. The 
Supreme Court in KSR noted that the analysis supporting a rejection under 35 U.S.C. 103 should be 
made explicit." Further, when combining prior art elements, the Examiner "must articulate the 
following: (1) a finding that the prior art included each element claimed, although not necessarily in 
a single prior art reference, with the only difference between the claimed invention and the prior art 
being the lack of actual combination of the elements in a single prior art reference. . ." See, MPEP § 
2143(A). 

Claims 1, 7, 13, 19, 25, 31, 34, and 37 stand rejected under 35 U.S.C. § 103(a) as 
being unpatentable over Allison ("pwdump - Windows NT password hash retrieval") (hereinafter 
"Allison") in view of U.S. Patent No. 5,592,553 (hereinafter "Guski"). To the extent that this 
rejection applies to the amended claims, this rejection is respectfully traversed. 
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Applicants respectfully submit that the Examiner's contentions do not support 
rejection of amended claims 1, 7, 13, 19, 25, 31, 34, and 37 under 35 U.S.C. § 103(a), for at least 
the reasons provided below. 

Contrary to the Examiner's contention, Allison fails to teach or suggest "decrypting 
the encrypted database password to obtain a database password, wherein the database password 
comprises a hash value derived from the user name and password." Specifically, Allison only 
obtains a password database comprising encrypted passwords where the NT password protection 
has been removed. See, e.g., Allison, pages 1,2, 11. Under the description of the article, the author 
specifically states that de-obfuscating the NT Lanman and md4 hashes from the registry has many 
useful implications, "including allowing us to hack the real password" Id. (emphasis added). The 
article also specifically states that the function of the code is to "[g]rab NT password hashes, which 
can then be cracked." Id. The article further states that the Lanman and md4 hash can be written 
into the NT registry for a user account, wherein these account passwords can "be replicated and 
'brute forced' into the NT password database." Id. (emphasis added). At no point does Allison 
teach decrypting the encrypted database password to obtain a database password because it never 
obtains the fully decrypted password. Allison only teaches grabbing an NT password database, 
wherein the NT protection has been cracked by the code, but leaving the password database with its 
primary encryption still intact. Id. Because the fully decrypted password is never obtained, Allison 
fails to teach or suggest decrypting the encrypted database password to obtain a database password, 
wherein the database password comprises a hash value derived from the user name and password. 
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Contrary to the Examiner's contention, Guski fails to teach or suggest "wherein 
access rights associated with the user name are greater than access rights associated with the 
temporary name" or supply that which Allison lacks. Specifically, Guski only describes a password 
evaluator being included with other software, specifically the IBM Resource Control Access 
Facility (hereinafter "RCAF"). See, e.g., Guski, col. 6 11. 42-56. When a user wishes to access a 
host application, a password generator generates a one-time password which is transmitted to an 
authenticating node. See, e.g., Guski, col. 6 11. 35-41. Using values transmitted to the 
authenticating node, a password evaluator then performs a time/date comparison to determine if the 
time between the password being generated and the transmission of the password to the 
authenticating node is within a reasonable timeframe. See, e.g., Guski, col. 6 11. 57-67, col. 7 11. 1-3. 
However, Guski, in its reference to RCAF, only discusses the concept of including a password 
evaluator within a greater security application software. Guski does not describe functionality 
surrounding RCAF that would allow for a reasonable suggestion that RCAF limits application 
accessibility depending on whether a user is the user or a temporary user. Guski does not teach, by 
referencing RCAF, that access rights associated with a user name are greater than access rights 
associated with a temporary name. By only including a reference with no direct or indirect 
reference to varying degree of security levels for a user and a temporary user, Guski fails to teach or 
suggest wherein access rights associated with the user name are greater than access rights associated 
with the temporary name. 

For at least the reasons provided above, the Examiner's contentions fail to support 
rejection of amended claims 1, 7, 13, 19, 25, 31, 34, and 37 under 35 U.S.C. § 103(a). Accordingly, 
withdrawal of the rejection is respectfully requested. 
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Claims 3, 4, 15, 16, 21, 22, 27, 28, 33, 36, and 39 stand rejected under 35 U.S.C. § 
103(a) as being unpatentable over Allison in view of Guski and in further view of U.S. Patent No. 
5,418,854 (hereinafter "Kaufman"). To the extent that this rejection applies to the amended claims, 
this rejection is respectfully traversed. 

As discussed above, amended claims 1, 7, 13, 19, 25, 31, 34, and 37 are patentable 
over Allison and Guski. Further, Kaufman does not supply what Allison and Guski lack because 
the Examiner only cites Kaufman to teach "wherein the database password is encrypted with a 
public key," "wherein the launcher application comprises a private key associated with the public 
key," and "wherein decrypting the encrypted database password is accomplished using a private key 
associated with the public key." See Office Action dated May 29, 2008, pp. 23-25. Thus, the 
Examiner's contentions fail to support a rejection of amended claims 1,7, 13, 19, 25, 31, 34, and 37 
under 35 U.S.C. § 103(a) for at least the reasons given above. 

Accordingly, claims 3, 4, 15, 16, 21, 22, 27, 28, 33, 36, and 39, which depend, 
directly or indirectly, from amended independent claims 1, 7, 13, 19, 25, 31, 34, and 37 are 
therefore patentable over Allison, Guski, and Kaufman for at least the same reasons, and withdrawal 
of this rejection is respectfully requested. 

New Claims 

By way of this reply, claims 40-41 are newly added. Applicant respectfully asserts 
that no new matter has been added by way of this addition, as support for this addition may be 
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found, for example, in paragraphs [0007]-[0015] and [0039]-[0043] of the specification. Applicants 
respectfully submit that the Examiner's contentions do not support a rejection of the new claims 40- 
41 under 35 U.S.C. § 103(a), and are allowable for at least the reasons provided above with respect 
to claim 19, to which claims 40-41 depend. 



Conclusion 



Applicant believes this reply is fully responsive to all outstanding issues and places 
this application in condition for allowance. If this belief is incorrect, or other issues arise, the 
Examiner is encouraged to contact the undersigned or his associates at the telephone number listed 
below. Please apply any charges not covered, or any credits, to Deposit Account 50-0591 
(Reference Number 37202/136001). 



Dated: January 15, 2009 Respectfully submitted, 



By /Robert P. Lord/ 
Robert P. Lord 
Registration No.: 46,479 
OSHA • LIANG LLP 
3945 Freedom Circle, Suite 300 
Santa Clara, California 95054 
(408) 727-0600 
(408) 727-8778 (Fax) 
Attorney for Applicant 
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